CVE-2026-31431: Linux “Copy Fail” Vulnerability Enables Root Privilege Escalation Across Cloud Systems

Microsoft Defender has reported on CVE-2026-31431, a high-severity Linux kernel vulnerability known as “Copy Fail” that enables local privilege escalation to root across major distributions and cloud environments. The flaw, which affects kernels since 2017, stems from improper memory handling in the crypto subsystem; an unprivileged user can exploit it to corrupt the kernel page cache and execute code with full system privileges. Although current activity is largely limited to proof-of-concept testing, the availability of a reliable exploit and the flaw's inclusion in CISA’s Known Exploited Vulnerabilities catalog raise concerns of imminent broader attacks. Because the vulnerability can lead to container escape and widespread system compromise, organizations are urged to prioritize patching, restrict access, and monitor for suspicious activity.

Reference: microsoft.com